Apple - Safari 7 can't connect to intranet using HTTP authentication

I can confirm that I see the identical problem with Safari 7.0.2 (9537.74.9), with all current Mac OS X Mavericks updates installed. (Thousands of request packets per second with the same kind of content as described above.)

However, while this may or may not help the original poster, I have found that this problem only occurs if the Windows server has Integrated Windows Authentication (also known as NTLM Authentication) and Negotiate Authentication enabled.

The server then sends these two headers:

WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

Safari will reply:

Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA=

And from there, the loop will get going.

But if Negotiate Authentication is not enabled on the server, there will be only one WWW-Authenticate header:

WWW-Authenticate: NTLM

And Safari's reply will be something like:

Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=

This will work just fine. Essentially, it seems that Negotiate is broken in Safari, and since the server sends Negotiate first, indicating a preference for it, Safari will try it and enter an infinite loop that prevents it from falling back to NTLM.

So, if the server administrator can be persuaded to turn off Negotiate in the authentication settings, the problem may be solved.

I might add that Firefox sends the "Authorization: NTLM ..." header regardless of whether the server provides Negotiate in addition to NTLM or not. Presumably, Negotiate is not implemented in Firefox.


Update

Safari 7.0.3 (9537.75.14) still exhibits the same problem.

We previously reported the issue as a bug at bugreport.apple.com, but the bug was closed as a duplicate of a previous bug—the contents of which we cannot see, except that it is still marked as open.

Update 2

I can confirm hauns's finding that the authentication works with Safari 7.0.4 (9537.76.4).

Update 3

This issue is back in Safari 7.0.5 (9537.77.4)

Update 4

This issue is still present in Safari 7.0.6 (9537.78.2), as noted by hauns, with cifs or smb volumes mounted.


Safari 7.0.5 still has the issue: authentication breaks down if finder shares network resources via SMB: (or CIFS:). once all connected network volumes are unmounted, Safari resumes proper authentication.

Regression:

  1. present in Yosemite 10.10.1/Safari 8.0.2
  2. present in El Capitan 10.11.2/Safari 9.0.2
  3. present in Safari 10.0.1

The corresponding Apple bug 22990203 is still active. No mortal is allowed to see it (cf.bugreporter.apple.com)

See also: https://discussions.apple.com/message/27727310#27727310